[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)




Am 11.05.2018 um 00:16 schrieb nusenu:
> Dear Exit Relay Operators,
> 
> I'd like to invite you to check your exit's DNS resolver by 
> having a look at the following list of exits using resolvers
> outside their AS (especially if it is Google, OpenDNS, Quad9 or Cloudflare).
> 
> You can search the list for you contactinfo, relay nickname or relay fingerprint (first 8 characters):
> 
> https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt
> 
> 
> I extended the "DNS on Exit Relays" section in the Tor Relay Guide
> to include specific instructions what is recommended for Tor exit operators with 
> regards to DNS on exit relays.
> 
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
> 
> If you found yourself on the list above and changed your DNS to a local (same host or same AS)
> resolver or found a false-positive, please drop me an email (off-list is also ok).
> 
> 
> The goal is to be bellow the following thresholds within one year:
> - not have any single remoteAS entity control more than 10% exit capacity
> - reduce the overall remoteAS share to bellow 20% exit capacity
> 
> the longer version of this can be found at:
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> 
> thanks for helping with DNS decentralization on the tor network,
> nusenu

Thank you for giving another helpful push on that nusenu !!

I changed my Linux exits. 
Unfortunately the /etc/resolv.conf gets overwritten on reboot. On Linux I solved that with editing /etc/resolvconf/resolv.conf.d/base. In that file, i put in the info as i would in resolv.conf.

nameserver 127.0.0.1

Then i told resolvconf to regenerate resolv.conf

sudo resolvconf -u



How do i protect against overwriting best in FreeBSD (maybe there could be a hint on https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays ) as well?

Where can I find an Update of https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt ?

How can one find out which DNS resolver an exit uses?

Thanks
Paul 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays